Food delivery giant Grubhub has confirmed a recent data breach affecting its internal systems. The company stated that unauthorized individuals accessed and downloaded data from certain Grubhub systems. This disclosure comes amid reports that hackers are demanding a ransom payment to prevent the release of the stolen information.

Key Takeaways

• Grubhub has confirmed a data breach involving unauthorized access to internal systems.

• The company claims sensitive information like financial details and order history were not affected.

• Reports suggest the hacking group ShinyHunters is behind the extortion attempt.

• The breach may be linked to previously stolen credentials from earlier attacks.

• Grubhub has engaged a cybersecurity firm and notified law enforcement.

Details of the Breach

Grubhub acknowledged the incident in a statement, confirming that "unauthorized individuals who recently downloaded data from certain Grubhub systems." The company stated it "quickly investigated, stopped the activity, and are taking steps to further increase our security posture." However, Grubhub declined to provide specific details regarding when the breach occurred, the exact nature of the data accessed, or whether customer data was involved.

Extortion Demands and Suspected Hackers

Sources indicate that the hacking group ShinyHunters is behind the extortion attempt. The group is reportedly demanding a Bitcoin payment to prevent the publication of stolen data. This data is said to include older Salesforce records from a previous breach and newer information from Grubhub's Zendesk customer support system.

Potential Cause and Impact

Investigators believe the breach may be connected to credentials stolen during earlier Salesloft Drift attacks. Attackers reportedly used stolen OAuth tokens to access sensitive systems. While Grubhub asserts that financial data and order history were not compromised, support systems often contain personal details such as names, email addresses, and account notes, which can be used for phishing or identity scams.

Recommendations for Customers

To mitigate risks following the breach, customers are advised to:

1. Update Passwords: Change Grubhub passwords immediately and avoid reusing them across other accounts. Utilize a password manager for unique, strong passwords.

2. Enable Two-Factor Authentication (2FA): Activate 2FA on Grubhub and other online accounts for an extra layer of security.

3. Be Wary of Phishing: Watch out for suspicious emails or texts related to orders, refunds, or account issues. Do not click on unknown links or download attachments.

4. Monitor Accounts: Regularly check Grubhub account activity for any unfamiliar actions or communications.

5. Secure Linked Email: Ensure the email account linked to Grubhub is secure with a strong password and 2FA.

Grubhub is taking steps to enhance its security, but customers are urged to remain vigilant.

Sources

• Grubhub data breach confirmed amid extortion demands from hackers, Fox News.

• Grubhub confirms data breach amid extortion claims, Kurt the CyberGuy.

• Grubhub Confirms Data Breach Amid Ransom Demand, FindArticles.